Skip to content

Commit

Permalink
Merge pull request #4629 from dgarske/zd13337
Browse files Browse the repository at this point in the history 
Additional checking for side on TLS messages
  • Loading branch information
@SparkiDev
SparkiDev committed Dec 7, 2021
2 parents 261d305 + 54c3e0a commit 9f6aa36
Show file tree
Hide file tree
Showing 2 changed files with 73 additions and 13 deletions.
74 changes: 67 additions & 7 deletions src/internal.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13615,6 +13615,12 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type)

#ifndef NO_WOLFSSL_CLIENT
case hello_request:
#ifndef NO_WOLFSSL_SERVER
if (ssl->options.side == WOLFSSL_SERVER_END) {
WOLFSSL_MSG("HelloRequest received by server");
return SIDE_ERROR;
}
#endif
if (ssl->msgsReceived.got_hello_request) {
WOLFSSL_MSG("Duplicate HelloRequest received");
return DUPLICATE_MSG_E;
Expand All @@ -13626,6 +13632,12 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type)

#ifndef NO_WOLFSSL_SERVER
case client_hello:
#ifndef NO_WOLFSSL_CLIENT
if (ssl->options.side == WOLFSSL_CLIENT_END) {
WOLFSSL_MSG("ClientHello received by client");
return SIDE_ERROR;
}
#endif
if (ssl->msgsReceived.got_client_hello) {
WOLFSSL_MSG("Duplicate ClientHello received");
#ifdef WOLFSSL_EXTRA_ALERTS
Expand All @@ -13640,6 +13652,12 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type)

#ifndef NO_WOLFSSL_CLIENT
case server_hello:
#ifndef NO_WOLFSSL_SERVER
if (ssl->options.side == WOLFSSL_SERVER_END) {
WOLFSSL_MSG("ServerHello received by server");
return SIDE_ERROR;
}
#endif
if (ssl->msgsReceived.got_server_hello) {
WOLFSSL_MSG("Duplicate ServerHello received");
return DUPLICATE_MSG_E;
Expand All @@ -13651,6 +13669,12 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type)

#ifndef NO_WOLFSSL_CLIENT
case hello_verify_request:
#ifndef NO_WOLFSSL_SERVER
if (ssl->options.side == WOLFSSL_SERVER_END) {
WOLFSSL_MSG("HelloVerifyRequest received by server");
return SIDE_ERROR;
}
#endif
if (ssl->msgsReceived.got_hello_verify_request) {
WOLFSSL_MSG("Duplicate HelloVerifyRequest received");
return DUPLICATE_MSG_E;
Expand All @@ -13662,6 +13686,12 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type)

#ifndef NO_WOLFSSL_CLIENT
case session_ticket:
#ifndef NO_WOLFSSL_SERVER
if (ssl->options.side == WOLFSSL_SERVER_END) {
WOLFSSL_MSG("SessionTicket received by server");
return SIDE_ERROR;
}
#endif
if (ssl->msgsReceived.got_session_ticket) {
WOLFSSL_MSG("Duplicate SessionTicket received");
return DUPLICATE_MSG_E;
Expand Down Expand Up @@ -13698,6 +13728,12 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type)

#ifndef NO_WOLFSSL_CLIENT
case certificate_status:
#ifndef NO_WOLFSSL_SERVER
if (ssl->options.side == WOLFSSL_SERVER_END) {
WOLFSSL_MSG("CertificateStatus received by server");
return SIDE_ERROR;
}
#endif
if (ssl->msgsReceived.got_certificate_status) {
WOLFSSL_MSG("Duplicate CertificateStatus received");
return DUPLICATE_MSG_E;
Expand All @@ -13718,6 +13754,12 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type)

#ifndef NO_WOLFSSL_CLIENT
case server_key_exchange:
#ifndef NO_WOLFSSL_SERVER
if (ssl->options.side == WOLFSSL_SERVER_END) {
WOLFSSL_MSG("ServerKeyExchange received by server");
return SIDE_ERROR;
}
#endif
if (ssl->msgsReceived.got_server_key_exchange) {
WOLFSSL_MSG("Duplicate ServerKeyExchange received");
return DUPLICATE_MSG_E;
Expand Down Expand Up @@ -13770,6 +13812,12 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type)

#ifndef NO_WOLFSSL_CLIENT
case certificate_request:
#ifndef NO_WOLFSSL_SERVER
if (ssl->options.side == WOLFSSL_SERVER_END) {
WOLFSSL_MSG("CertificateRequest received by server");
return SIDE_ERROR;
}
#endif
if (ssl->msgsReceived.got_certificate_request) {
WOLFSSL_MSG("Duplicate CertificateRequest received");
return DUPLICATE_MSG_E;
Expand All @@ -13781,6 +13829,12 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type)

#ifndef NO_WOLFSSL_CLIENT
case server_hello_done:
#ifndef NO_WOLFSSL_SERVER
if (ssl->options.side == WOLFSSL_SERVER_END) {
WOLFSSL_MSG("ServerHelloDone received by server");
return SIDE_ERROR;
}
#endif
if (ssl->msgsReceived.got_server_hello_done) {
WOLFSSL_MSG("Duplicate ServerHelloDone received");
return DUPLICATE_MSG_E;
Expand Down Expand Up @@ -13821,6 +13875,12 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type)

#ifndef NO_WOLFSSL_SERVER
case certificate_verify:
#ifndef NO_WOLFSSL_CLIENT
if (ssl->options.side == WOLFSSL_CLIENT_END) {
WOLFSSL_MSG("CertificateVerify received by client");
return SIDE_ERROR;
}
#endif
if (ssl->msgsReceived.got_certificate_verify) {
WOLFSSL_MSG("Duplicate CertificateVerify received");
return DUPLICATE_MSG_E;
Expand All @@ -13836,6 +13896,12 @@ static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type)

#ifndef NO_WOLFSSL_SERVER
case client_key_exchange:
#ifndef NO_WOLFSSL_CLIENT
if (ssl->options.side == WOLFSSL_CLIENT_END) {
WOLFSSL_MSG("ClientKeyExchange received by client");
return SIDE_ERROR;
}
#endif
if (ssl->msgsReceived.got_client_key_exchange) {
WOLFSSL_MSG("Duplicate ClientKeyExchange received");
#ifdef WOLFSSL_EXTRA_ALERTS
Expand Down Expand Up @@ -29848,7 +29914,6 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
#ifdef HAVE_SNI
if((ret=SNI_Callback(ssl)))
goto out;
ssl->options.side = WOLFSSL_SERVER_END;
#endif

i += totalExtSz;
Expand Down Expand Up @@ -31492,12 +31557,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
case TLS_ASYNC_BEGIN:
{
/* Sanity checks */
if (ssl->options.side != WOLFSSL_SERVER_END) {
WOLFSSL_MSG("Client received client keyexchange, attack?");
WOLFSSL_ERROR(ssl->error = SIDE_ERROR);
ERROR_OUT(WOLFSSL_FATAL_ERROR, exit_dcke);
}

/* server side checked in SanityCheckMsgReceived */
if (ssl->options.clientState < CLIENT_HELLO_COMPLETE) {
WOLFSSL_MSG("Client sending keyexchange at wrong time");
SendAlert(ssl, alert_fatal, unexpected_message);
Expand Down
12 changes: 6 additions & 6 deletions src/tls13.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7725,7 +7725,7 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type)
#ifndef NO_WOLFSSL_CLIENT
if (ssl->options.side == WOLFSSL_CLIENT_END) {
WOLFSSL_MSG("ClientHello received by client");
return OUT_OF_ORDER_E;
return SIDE_ERROR;
}
#endif
if (ssl->options.clientState >= CLIENT_HELLO_COMPLETE) {
Expand All @@ -7746,7 +7746,7 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type)
#ifndef NO_WOLFSSL_SERVER
if (ssl->options.side == WOLFSSL_SERVER_END) {
WOLFSSL_MSG("ServerHello received by server");
return OUT_OF_ORDER_E;
return SIDE_ERROR;
}
#endif
if (ssl->msgsReceived.got_server_hello == 1) {
Expand All @@ -7763,7 +7763,7 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type)
#ifndef NO_WOLFSSL_SERVER
if (ssl->options.side == WOLFSSL_SERVER_END) {
WOLFSSL_MSG("NewSessionTicket received by server");
return OUT_OF_ORDER_E;
return SIDE_ERROR;
}
#endif
if (ssl->options.clientState < CLIENT_FINISHED_COMPLETE) {
Expand All @@ -7781,7 +7781,7 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type)
#ifndef NO_WOLFSSL_CLIENT
if (ssl->options.side == WOLFSSL_CLIENT_END) {
WOLFSSL_MSG("EndOfEarlyData received by client");
return OUT_OF_ORDER_E;
return SIDE_ERROR;
}
#endif
if (ssl->options.serverState < SERVER_FINISHED_COMPLETE) {
Expand All @@ -7807,7 +7807,7 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type)
#ifndef NO_WOLFSSL_SERVER
if (ssl->options.side == WOLFSSL_SERVER_END) {
WOLFSSL_MSG("EncryptedExtensions received by server");
return OUT_OF_ORDER_E;
return SIDE_ERROR;
}
#endif
if (ssl->options.serverState != SERVER_HELLO_COMPLETE) {
Expand Down Expand Up @@ -7861,7 +7861,7 @@ static int SanityCheckTls13MsgReceived(WOLFSSL* ssl, byte type)
#ifndef NO_WOLFSSL_SERVER
if (ssl->options.side == WOLFSSL_SERVER_END) {
WOLFSSL_MSG("CertificateRequest received by server");
return OUT_OF_ORDER_E;
return SIDE_ERROR;
}
#endif
#ifndef WOLFSSL_POST_HANDSHAKE_AUTH
Expand Down

0 comments on commit 9f6aa36

Please sign in to comment.